package com.satelliteimagesystem.config;

import com.satelliteimagesystem.service.CustomUserDetailsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomUserDetailsService userDatailService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable(); //关闭csrf，默认是开启的，开启后会导致我们的登录被拦截，导致登录失败
        http.formLogin()
//                .loginPage("/toLogin") //设置默认登录页
                .usernameParameter("username") //设置从前端提交过来的用户名参数
                .passwordParameter("password") //设置从前端提交过来的密码参数
                .defaultSuccessUrl("/") //设置默认登录成功页面，会跳转到登录前的路径
                .successForwardUrl("/") //设置默认登录成功会跳转到登录前的路径
//                .failureForwardUrl("/toLogin") //设置登录失败后的请求
                .loginProcessingUrl("/login"); //设置登录请求路径

        //antMatchers括号里面可以输入多个请求路径，用逗号隔开
        http.authorizeRequests() //设置访问请求的权限
                .antMatchers("/") //默认首页允许所有用户都可以访问，不登录也能访问
                .permitAll()
                .antMatchers("/common/**") //admin下面的页面只有拥有admin角色的用户才能访问
                .hasAnyRole("user", "admin")
                .antMatchers("/try/**") //user下面的页面只有拥有user角色的用户才能访问
                .hasRole("admin");

        //注销用户，注销成功后跳转到/请求
        http.logout().logoutSuccessUrl("/");

        //开启记住我功能，设置保存时间为一天
        http.rememberMe().tokenValiditySeconds(60*60*24);

        //允许iframe
        http.headers().frameOptions().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //使用BCryptPasswordEncoder对密码进行加密
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("szn") //给zhu用户添加admin和user权限
                .password(new BCryptPasswordEncoder().encode("123456")).roles("admin","user")
                .and()
                .withUser("flash") //给admin用户添加admin权限
                .password(new BCryptPasswordEncoder().encode("123456")).roles("admin");

        auth
                // 从数据库读取的用户进行身份认证
                .userDetailsService(userDatailService)
                .passwordEncoder(passwordEncoder);
    }

    //静态请求要放行
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
                .antMatchers("/webjars/**")
                .antMatchers("/static/**");
    }
}

